- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-07-2025 09:21 AM
We have a Multi-Provider SSO configuration on our instance. One IDP is set up for internal staff members using SAML with Microsoft Azure, which is set as the default and auto-redirect IDP. The other IDP is for external users, configured with OpenID Connect via OKTA.
External users access the system through a URL appended with /login and can click a button labeled "OKTA Login" to access the backend.
The issue arises when external users attempt to access the service portal. For instance, if a catalog item URL from the service portal is shared with an external user who is neither a resolver nor already logged in, the system redirects them to the default Microsoft IDP instead of the intended OKTA IDP.
How can we configure the system to recognize external users and direct them to the appropriate IDP without affecting the user experience?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2025 04:11 AM
Hello @Stephen25 ,
You can check the below article when using multiple Identity providers
https://www.servicenow.com/community/developer-forum/auto-redirect-users-to-correct-idp-when-using-m...
If the above information helps you, Kindly mark it as Helpful and Accept the solution.
Regards,
Najmuddin.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2025 05:53 PM - edited 02-08-2025 06:16 PM
@Najmuddin Mohd Thanks for the article. I followed the steps and updated the SSO Source field for external users with the IDP SysID. However, when testing as an external user, I was still redirected to the internal user IDP (Microsoft IDP) instead of the intended OKTA IDP.
After reviewing it again, I realised that when setting the SSO Source field with the IdP in the user table, I needed to prepend sso: to the beginning of the SysID. This detail wasn’t mentioned in the article. Thanks again for your help!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2025 04:11 AM
Hello @Stephen25 ,
You can check the below article when using multiple Identity providers
https://www.servicenow.com/community/developer-forum/auto-redirect-users-to-correct-idp-when-using-m...
If the above information helps you, Kindly mark it as Helpful and Accept the solution.
Regards,
Najmuddin.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2025 05:53 PM - edited 02-08-2025 06:16 PM
@Najmuddin Mohd Thanks for the article. I followed the steps and updated the SSO Source field for external users with the IDP SysID. However, when testing as an external user, I was still redirected to the internal user IDP (Microsoft IDP) instead of the intended OKTA IDP.
After reviewing it again, I realised that when setting the SSO Source field with the IdP in the user table, I needed to prepend sso: to the beginning of the SysID. This detail wasn’t mentioned in the article. Thanks again for your help!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2025 06:19 PM
@Stephen25 is this setup correctly? - no auto-redirect IDP should be enabled(Value of glide.authenticate.sso.redirect.idp system property should be empty)
Alternatively you can bypass this step by making the “login_locate_sso.do” page the initial login page.
